Published: 29 July 2014
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.
Launchpad, Ubuntu, Debian
|Ubuntu 14.04 ESM (Trusty Tahr)||
Does not exist
(trusty was released [1.7.2-0ubuntu1.2])
The patch below introduces a regression preventing the web interface from being able to read log files. (See comments in bug 4455.)